sreuter
commented
3 months ago Did anyone figure out a great way to automatically allow HEAD requests for GET endpoints?
Open jmrnilsson opened 1 year ago
sreuter
commented
3 months ago Did anyone figure out a great way to automatically allow HEAD requests for GET endpoints?
jmrnilsson
commented
1 month ago I only have a few ideas so far. None tested so far. Custom code to evaluate HEAD before delegation to built-in middleware.
Note: Another issue I found was that the middleware seemed validate before HEAD-request gets their bodies purged. So there’s actually content still when the middleware run.
I wished there was an option to send to the middleware to instruct that HEAD request are allowed and content and content length validated.
Is your feature request related to a problem? Please describe. Express-OpenAPI-Validator doesn't implement HTTP HEAD for GET by default. This is unlike ExpressJS. I wasn't able find any mention of the HEAD command in documentation. HEAD is typically accepted for any GET command but a body is not returned.
Describe the solution you'd like Default behavior that doesn't allow HTTP HEAD when only GET specified in OAS. There are no options to enable this behavior. In fact, disabling all OAS-validations still changes the ExpressJS behavior. If OAS middleware is used it effectively changes the behavior and returns 405 Method not allowed.
Describe alternatives you've considered Complete replicated configuration of HTTP HEAD along side HTTP HEAD in the OAS. This is a lot of extra work and may create a OAS almost twice as big in some cases. It would be useful to either change the default behavior or add configuration option.
Additional context Many frameworks, ExpressJS v.4 included, assumes HEAD can be sent for any GET commands for pre-flights or just probing w/o necessarily inspecting any results. It's very useful.